News & Media
Hands holding phone with email alert on screen
Suwaree Tangbovornpichet / EyeEm

Wire Scam Won’t End Because It Still Works

Homebuyers keep losing deposits and even homes under contract because hackers jump in at the last minute and email them false wiring instructions.

NEW YORK – The Internet Crime Complaint Center (IC3) – a database used by domestic law enforcement agencies that contains more than two dozen types of crimes – receives an average 2,300 cybercrime complaints per day.

Of those complaints, business email compromise (BEC) scams increasingly target homebuyers.

Under the scam, a criminal gains access to emails from a trusted partner in a home buying transaction, such as a title company, lawyer or construction firm. They monitor back-and-forth communications until it’s time to make a deposit or send a final amount to close on the home. Since the hackers have access to a transaction firm’s email system, the buyer receives an email that actually came from the trusted business they’ve been working with. In these cases, scammers may monitor correspondence about specific transactions for months before swooping in to send fake wiring instructions.

When the scam email arrives, it appears legitimate. However, it typically contains a slight variances in the links if the buyer chooses to respond via “reply,” such as a return email address that has a “1” somewhere in the middle where an “i” usually appears.

The results can cost buyers tens or hundreds of thousands of dollars.

One IC3 complaint involved an attempted hack on a construction company in Long Island when thieves sought to embezzle $30,000 via fake statement claims. A complaint filed against the hacker enabled law enforcement to identify more than $9 million worth of stolen funds affecting more than 50 consumers. Real estate losses amounted to more than $2 million, according to a source familiar with the matter.

In some cases, BEC scammers compile contact information for entities involved in any real estate transaction – lawyers, brokers, title agencies, mortgage lenders – once they break into their system and then send mass phishing emails to this database. The scam emails may provide a link that leads to a website that resembles – or looks virtually identical to – the real estate agent or title company’s email login page.

Source: Bloomberg (10/07/22) Wong, Natalie

© Copyright 2022 INFORMATION INC., Bethesda, MD (301) 215-4688